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A mission-systems architecture, based on u highly modular infrastructure utiiLzing open- 
standards hardware and softH'are interfaces as the enabling technology is essential lor 
affordable and sustainable space exploration programs^ This mission-systems architecture 
requires (a) robust communication between heterogeneous systems, (b) high reliability, (c) 
minimal mission-to-mission reconfiguration, (d) affordable development, system integration, 
and verification of systems, and (e) minimai sustaining engineering. This paper proposes 
such an architecture. Lessons learned from the Space Shuttle program and Eat;thbound 
complex engineered systems are applied to define the model. Technology projections 
reaching out S years are made to refine model details. 


^^^b£~^s~s1'd'n~systems~aKMectur&-tQ-suppo!Ft-ambitiQUs-space--exploratiaiiJict^^^ will be challenged at the 
jl physical level by large scale distances and hostile environements, at the local level by allocatiQii constraints, and 
at the support level by organkational, social and cultural divides. Each of these except for the long distances and 
hostile environement will change on a periodic basis several times over the decades of space cxploratiGii envisoned 
by the NASA Roadmap [ I ] 

The paper will present four operationally significant criteria that will be used in defining the systems and in 
allocating functions for local or remote performance. Three major components to be examined for their contribution 
to deploying a successful mission systems architecture are: 

• A hardware layer based on a node-based network with tunable redundancy, automated fail-over based on 
intelligent agents, and plug and play interaction that includes automatic reconfiguration based on detection 
and recognition of new components. 

e A software architecture applicable firom the lowest level subsystem to the integrated mission system based 
on open-standards middleware, eg IEEE 1516. 

® A tansparent switching firamework of flight hardware, flight equivalent hardware, emulatioii of flight 
hardware, and network-comiected computers contaioing high-fidelity software models as well as stubs and 
harnesses necessary for system testing. 

n. The Four Keys to Success of Mission System Architecture 

“A central concept, of the new U.S. National Vision for Space Exploration is that . space exploration activities 
must be ‘Sustainable”' (NASA’s 2004 H&RT Formulation Plan). Sustainability encompasses the following four 
key areas that are critical to successful deployment and operations of the conceptual mission systems architecture. 
Each of these criteria has built-in trades that if carried out consistently and systeniaticaliy will lead to an 
implementation that supports human space exploration for decades to come. 

» Affordable: Life cycle costs at each stage must be consistent with NASA budgets. Unplanned spikes must 
be minimised. Future costs resulting from decisions made today should be well grounded with relevant 
validation- and historical basis. The primary trade is when will a system or capability be available and in 
what quantity. 


’ Computer Scientist, Shuttle Flight Software, 600 Gemini M/C USH-632L, AIAA Senior Member. 
^ Chief Engineer, Shuttle Flight Software, 600 Gemini M/C USH-631A, Member 
^ Computer Scientist, Shuttle Flight Software, 600 Gemini M/C USH-635L 
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• Reliable and safe: Future space exploration systems, infrastructures and missions must be safe and reliable. 
Safety will be defmed as *'As Safe As Reasonably Achievable” (ASARA); analogous to the nuclear 
industries “As Low As Reasonably Achievable” (ALARA) when deciding on alternatives involving human 
exposure to radiation. 

» Effective: The capabilities of a new system or infrastnicturc mxist be worth the costs of developing, 
building,, and owning them. The goals and objectives achieved by missions using those systems and 
infrastructure components must be worth die costs and risks of owning them. • 


• Flexible: The families of new systems, infrastructures, and technologies should be capable of adapating to 
changing policy objectives, . requirements, interfaces, and operational scenarios. The systems and 
infrastructures whould be capable of extension to support new missions. The principal focus of trades in 
this area is how much flexibility is desired in each component of the MSA. 

The three MSA Components treated in this paper support the four operations criteria as explained below: 
Affordability 

• Transparent switching significantiy reduces costs by supporting new systems concept validations earlier 
without Teal hardware, by reducing hardware requirements for training scenarios, and by reducing systems 

^^^mtegration-effortsv- 

-Reliable~autoiBatic--rcconfigur-ation-reqiviredrTn--long-distance— missiomr^vrutualiy^eiimmutes"exp'cns^i^^ 
ground-based reconfigiuration applications and reduces human-in-the-loop interaction requirements for 
shorter range missions, 

» Incremental building block approach simplifies integration of new systems into existmg flight systems. 
Reliability/Safety 

• Redundancy tuned to the level required, whether N+1, N+M or full duplication where necessary, to give 
quantifiable probability of mission success. 

Effectiveness 

» Building upon recognized industiy/space standards significantly reduces costs and the risk of development 
while offering a highly effective combination of real-time performance, scalability, and fault- tolerance. 

Flexibility 

• Open-standards interfaces allow for technology evolution, 

• Plug and Play supports the building block approach. 

• Automated reconfiguration driven by intelligent agents provides fast responses with minimal human 
demand. 


m. Where Are The Challenges? 

Technical challenges are: expected in providing the scalability required for increasingly more ambitious space 
missions. Advancing technology can be counted on up to a point. Robust margins arc helpful, but must be paid for 
in advance with no guarantee ihay will be used. 

Automatic reconfiguration and the plug and play implementation require strict adherence to standards. Making 
the standard interface infraatruotsirc robtist enough to minimize the need for unique interfaces is a technical 
challenge to be addressed. But much of the risk has been reduced by DOD and industry initiatives in High Level 
Architecuies (HLA) . Re-use of these FILAs eliminates major overhead of developing such an infinstructure from 
scratciL So work can be focused on interfacing with common HLA interfaces rather than painful iterative 
refinement of another standard exclusive to the space community. 

Reconfiguration work must begin early so that major cost drivers such as number of modes and states, interfaces, 
and size of the data and information base will be accurate. Addition of a mojor mode late in the development cycle 
will have adverse effects on cost and scheduel while increasing program risk. Early definition of these fcahircs 
provides a solid foundation for^ mission system planners and analysts to begin scenario development and analysis. 
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This early start can be leveraged to gain much experience in safety related issues while there is still time to 
accommodate changes. 

Each generation of aerospace modeling and simulation faces new challenges since data becomes more refined, 
CPUs run faster, and smaller details become important in second order interactions. Other difficulties cease to be a 
problem No one develops Six Degree of Freedom simulations in Assembly language to fit CPU provisions 
anymore. But no one has a solid answer to automated reconfiguration requirements for life critical functions on very 
long term space missions. 

Based on recent experience, modeling and simulation approaches should utilize: 

A, Tight coupling between the operational software, and that used for test, and training. 

B. Tight coupling of tlie simulators with the operational software. 

Based on need projections for long duratiGn space rnissions, ne'w start modeling and simulation approaches 
should include: 

A. Use of mirrored networks for operational and simulations. 

B. On-board versions of the simulations for checkout, training, test, and procedures development. 


IV. Future Vision 

Modeling and simulation will play an important role in the development of new space systems. The 
_develapinent-aTicLaxseu 3 f th c models-jmd^imuUticuis— willJiavc-^giiiftcantimpact _oii^Qst-and-Sj[dieduIe,_so-J.tJsL 
_irnpoTtantjto43rovide_theJies_tTrame:wj6rk_andJojik._Mojlelsjwn 

support software development, for hardware checkout, and for crew and ground support training. A continuing 
challenge is the accurate emulation of hardware by the models. To mmim lTe cost, die models should be developed 
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analysis. 

One way to reduce simulation costs is to factor the need for models into the hardware architecture for the 
envisioned spac-e vehicle. Considering the operational aspects during hardware design will avoid the need for the 
parallel modeling systems and additional overhead prevalent in today's operations using custom models or 
simulations at each facility or lab. An architecture that supports generic hardware executing models and using the 
same interfaces as the real hardware allows the models to be used earlier and more effectively in the development 
and operational support of the next generation space vehicles. For example, a model of a proposed hardware upgrade 
can be developed and used within the existing vehicle architecture to better determine the impacts to the overall 
system before the actual hardware specifications are released. 



Figure 1. Model Insertion In Operational System 

The entire space vehicle’s systems would be set up as a high-speed interconnected system, of networks. Each 
system (engines, environmcciTal, maneuvering, landing gear, displays, flight control computer, mass memory, 
telemetry, etc) would have its own logical computer resources. The redundant network would provide 
communications, centralized tinting, and power capability for each system. All flight hardware would be designed 
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